Over 180K Chrome users have installed ad-injecting extensions

The threat and research analysis team at Barracuda Labs have released their findings in a recent google chrome extension security test.

Their findings show that more than 180,000 Chrome users have installed one or more ad-injecting extensions that have been displaying spam on 44 different websites.

Jason Ding, a research scientist at Barracuda labs explained:

“When users try to download the extensions from the Chrome Web store, it will ask for ‘Access data to all websites’ permissions before users can download and install them. Once granted these permissions, JavaScript codes are sitting behind users’ browsers, and these extensions are available at users’ Chrome address.”

Ding continued to say that “the JavaScript code downloaded has a URL point to an outside JavaScript hosted at www.chromeadserver.com that will be executed whenever users are browsing a webpage.”

This means that ads are injected into these websites by using free space on the page.

For more detailed analysis of these extensions and how to remove them, head over to the Barracuda Lab’s original blog post.